CVE-2005-1858

Name of the Vulnerable Software and Affected Versions FUSE versions prior to 2.3.0

Description The issue is related to multiple vulnerabilities in the FUSE package of the Debian GNU/Linux operating system, which can lead to a breach of confidentiality of protected information. These vulnerabilities can be exploited by a local attacker. The problem arises because FUSE 2.x does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, potentially allowing local users to obtain sensitive information.

Recommendations For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and limiting the privileges of local users to minimize the risk of exploitation.